Common use of SUB-PROCESSOR’S OBLIGATIONS Clause in Contracts

SUB-PROCESSOR’S OBLIGATIONS. 3.1. Sub-Processor commits to complying with the following obligations, including those defined in Annexes 1, 2 and 3 which are considered an integral part of this DSPA: a) Sub-Processor will Process Client Personal Data only as necessary to provide the Service and subject to the Client’s written instructions, including as provided in the Agreement and this DSPA; b) Sub-Processor will notify the Client in the event that it considers a specific written instruction that was received, to be in violation of the Applicable Data Protection Laws; c) Sub-Processor will notify the Client without undue delay of any contact, communication or correspondence it may receive from a Supervisory Authority, related to the Processing of Client Personal Data; d) Sub-Processor has implemented adequate operational, technical and organisational measures under Art. 32 GDPR to protect the Client Personal Data. The Parties are aware and agree that the Sub-Processor is expressly authorized to implement alternative measures or to establish alternative places of data retention provided the level of security of the measures or places chosen is considered, in all respects, adequate; e) In the event that the Sub-Processor discloses Client Personal Data to its personnel which is directly and exclusively involved in the provision of the Service, Sub-Processor will ensure that such personnel: i) is committed to confidentiality or is under an appropriate statutory obligation of confidentiality; and ii) Processes Client Personal Data under the instructions of Sub-Processor, and in compliance with Sub-Processor’s obligations under this DSPA.